Bug 737780: diagnostic for crashes in GetNameFromBytecode, r=luke
authorDavid Mandelin <dmandelin@mozilla.com>
Mon, 02 Apr 2012 11:31:37 -0700
changeset 94182 d272cfd24b5346a2e2776e0ab955f558326e9f62
parent 94181 a214d423b525ed3d216a3f89547ec11418d106de
child 94183 15fc1cf4e5b2d29c0c4e1f3b54647fa534c622a3
push id886
push userlsblakk@mozilla.com
push dateMon, 04 Jun 2012 19:57:52 +0000
reviewersluke
bugs737780
milestone14.0a1
Bug 737780: diagnostic for crashes in GetNameFromBytecode, r=luke
js/src/jsopcodeinlines.h
js/src/vm/Stack-inl.h
js/src/vm/Stack.h
--- a/js/src/jsopcodeinlines.h
+++ b/js/src/jsopcodeinlines.h
@@ -48,17 +48,17 @@ GetNameFromBytecode(JSContext *cx, jsbyt
     if (op == JSOP_LENGTH)
         return cx->runtime->atomState.lengthAtom;
 
     // The method JIT's implementation of instanceof contains an internal lookup
     // of the prototype property.
     if (op == JSOP_INSTANCEOF)
         return cx->runtime->atomState.classPrototypeAtom;
 
-    JSScript *script = cx->stack.currentScript();
+    JSScript *script = cx->stack.currentScriptWithDiagnostics();
     PropertyName *name;
     GET_NAME_FROM_BYTECODE(script, pc, 0, name);
     return name;
 }
 
 class BytecodeRange {
   public:
     BytecodeRange(JSScript *script)
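Review bot: The switch to currentScriptWithDiagnostics() on the replaced line changes what happens when no usable script is found — the old call could return NULL, which GET_NAME_FROM_BYTECODE would then dereference, while the new one faults deliberately before reaching it — and nothing at the call site records that this is intentional and temporary. A reader later will see an unchecked `script` feeding GET_NAME_FROM_BYTECODE and either add a NULL check that masks the diagnostic or remove the "WithDiagnostics" call as redundant. A one-line comment above the call would prevent both, e.g. `// Bug 737780: crash with a distinctive address here rather than fault inside GET_NAME_FROM_BYTECODE; revert to currentScript() once diagnosed.` GetNameFromBytecode's signature and the start of its body are outside the hunk.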
--- a/js/src/vm/Stack-inl.h
+++ b/js/src/vm/Stack-inl.h
@@ -604,16 +604,55 @@ ContextStack::currentScript(jsbytecode *
     if (script->compartment() != cx_->compartment)
         return NULL;
 
     if (ppc)
         *ppc = fp->pcQuadratic(*this);
     return script;
 }
 
+inline JSScript *
+ContextStack::currentScriptWithDiagnostics(jsbytecode **ppc) const
+{
+    if (ppc)
+        *ppc = NULL;
+
+    FrameRegs *regs = maybeRegs();
+    StackFrame *fp = regs ? regs->fp() : NULL;
+    while (fp && fp->isDummyFrame())
+        fp = fp->prev();
+    if (!fp)
+        *(int *) 0x10 = 0;
+
+#ifdef JS_METHODJIT
+    mjit::CallSite *inlined = regs->inlined();
+    if (inlined) {
+        mjit::JITChunk *chunk = fp->jit()->chunk(regs->pc);
+        JS_ASSERT(inlined->inlineIndex < chunk->nInlineFrames);
+        mjit::InlineFrame *frame = &chunk->inlineFrames()[inlined->inlineIndex];
+        JSScript *script = frame->fun->script();
+        if (script->compartment() != cx_->compartment)
+            *(int *) 0x20 = 0;
+        if (ppc)
+            *ppc = script->code + inlined->pcOffset;
+        return script;
+    }
+#endif
+
+    JSScript *script = fp->script();
+    if (script->compartment() != cx_->compartment)
+        *(int *) 0x30 = 0;
+
+    if (ppc)
+        *ppc = fp->pcQuadratic(*this);
+    if (!script)
+        *(int *) 0x40 = 0;
+    return script;
+}
+
 inline JSObject *
 ContextStack::currentScriptedScopeChain() const
 {
     return &fp()->scopeChain();
 }
 
 } /* namespace js */
 #endif /* Stack_inl_h__ */
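Review bot: The `if (!script)` diagnostic at the end of currentScriptWithDiagnostics() can never fire as written: `script->compartment()` is called on the line after `JSScript *script = fp->script();`, so a NULL script faults there (at a non-distinctive low address) before the 0x40 store is reached, and the 0x30 check is what a crash report would show. Move the NULL check up, directly after the assignment: `JSScript *script = fp->script();` / `if (!script)` / `*(int *) 0x40 = 0;` and keep the compartment check after it. The same ordering concern applies to the inlined-frame branch, where `frame->fun->script()` is dereferenced without its own check. Separately, stores through constant addresses like 0x10 are undefined behaviour in the abstract machine, so the compiler is free to drop or reorder them; if the distinct fault addresses are wanted in crash reports, consider a `volatile` pointer (`*(volatile int *) 0x10 = 0;`) so each store is emitted where written, or a comment noting that the current form relies on the compiler not optimising them.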
--- a/js/src/vm/Stack.h
+++ b/js/src/vm/Stack.h
@@ -1685,16 +1685,17 @@ class ContextStack
                          InitialFrameFlags initial, Value **stackLimit);
     void popInlineFrame(FrameRegs &regs);
 
     /* Pop a partially-pushed frame after hitting the limit before throwing. */
     void popFrameAfterOverflow();
 
     /* Get the topmost script and optional pc on the stack. */
     inline JSScript *currentScript(jsbytecode **pc = NULL) const;
+    inline JSScript *currentScriptWithDiagnostics(jsbytecode **pc = NULL) const;
 
     /* Get the scope chain for the topmost scripted call on the stack. */
     inline JSObject *currentScriptedScopeChain() const;
 
     /*
      * Called by the methodjit for an arity mismatch. Arity mismatch can be
      * hot, so getFixupFrame avoids doing call setup performed by jit code when
      * FixupArity returns.
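Review bot: The new currentScriptWithDiagnostics declaration shares the "Get the topmost script and optional pc on the stack." comment with currentScript but behaves differently — it never returns NULL and instead faults deliberately — and that contract is not documented. Add a comment above the declaration, e.g. `/* Bug 737780: like currentScript(), but crashes at a distinctive address in each case where currentScript() would return NULL. Temporary diagnostic. */`, so callers do not treat it as a drop-in replacement. The enclosing class ContextStack starts and ends outside the hunk.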